diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0227.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0227.json
new file mode 100755
index 000000000..8cebacd6a
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0227.json
@@ -0,0 +1,20 @@
+{
+ "name": "port22OpenToInternet",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port22OpenToInternet",
+ "portNumber": 22,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - (SSH,22)",
+ "reference_id": "AC_AWS_0227",
+ "id": "AC_AWS_0227",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0228.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0228.json
new file mode 100755
index 000000000..9e0cacc69
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0228.json
@@ -0,0 +1,20 @@
+{
+ "name": "port80OpenToInternet",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port80OpenToInternet",
+ "portNumber": 80,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - (HTTP,80)",
+ "reference_id": "AC_AWS_0228",
+ "id": "AC_AWS_0228",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0229.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0229.json
new file mode 100755
index 000000000..906bb8efd
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0229.json
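Review bot: Every file in this diff is added with mode 100755 and without a trailing newline (`\ No newline at end of file`), starting with AC_AWS_0227.json and AC_AWS_0228.json here and repeated through AC_AWS_0268.json. Policy metadata is data, not a script, so the executable bit is unnecessary and tends to trip permission linters; `git update-index --chmod=-x` on these files (mode 100644) plus a final newline keeps `git diff` and line-oriented tooling quiet. The rego template these files point at (`portOpenToInternet.rego`) is not part of this diff, so I cannot confirm here that it consumes the `defaultValue`, `prefix` and `suffix` arguments every entry passes.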
@@ -0,0 +1,20 @@
+{
+ "name": "port443OpenToInternet",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port443OpenToInternet",
+ "portNumber": 443,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Security Groups - Unrestricted Specific Ports - (HTTPS,443)",
+ "reference_id": "AC_AWS_0229",
+ "id": "AC_AWS_0229",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0230.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0230.json
new file mode 100755
index 000000000..f7009ea47
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0230.json
@@ -0,0 +1,20 @@
+{
+ "name": "port3389OpenToInternet",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port3389OpenToInternet",
+ "portNumber": 3389,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - remote desktop port (TCP,3389)",
+ "reference_id": "AC_AWS_0230",
+ "id": "AC_AWS_0230",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0231.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0231.json
new file mode 100755
index 000000000..bbffa0e75
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0231.json
@@ -0,0 +1,18 @@
+{
+ "name": "unrestrictedIngressAccess",
+ "file": "unrestrictedIngressAccess.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "unrestrictedIngressAccess",
+ "prefix": "",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Ensure no security groups allow ingress from 0.0.0.0/0 to ALL ports and protocols",
+ "reference_id": "AC_AWS_0231",
+ "id": "AC_AWS_0231",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0232.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0232.json
new file mode 100755
index 000000000..3e7f628cc
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0232.json
@@ -0,0 +1,17 @@
+{
+ "name": "defaultSGNotRestrictsAllTraffic",
+ "file": "defaultSGNotRestrictsAllTraffic.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "name": "defaultSGNotRestrictsAllTraffic",
+ "prefix": "",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Ensure no default security groups are used as they allow ingress from 0.0.0.0/0 to ALL ports and protocols",
+ "reference_id": "AC_AWS_0232",
+ "id": "AC_AWS_0232",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0233.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0233.json
new file mode 100755
index 000000000..38bf86bec
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0233.json
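Review bot: The description of AC_AWS_0232 asserts that default security groups "allow ingress from 0.0.0.0/0 to ALL ports and protocols", which is not how AWS provisions a VPC default security group (its inbound rule admits all traffic from members of the same group, and all outbound is allowed); the check itself is worthwhile, but the stated reason should be accurate, e.g. `"description": "Ensure the default security group of every VPC restricts all traffic"`. AC_AWS_0231's wording only mentions 0.0.0.0/0; `unrestrictedIngressAccess.rego` is not in this diff, so I cannot tell whether it also matches `::/0`, which is equally unrestricted in IPv6-enabled VPCs and should be covered (and named in the description) if it is. AC_AWS_0232's template_args also omits the `defaultValue` key that every other policy here passes; presumably harmless if its rego file never references it, but worth confirming against `defaultSGNotRestrictsAllTraffic.rego`.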
@@ -0,0 +1,20 @@
+{
+ "name": "port4505AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port4505AlbNetworkPortSecurity",
+ "portNumber": 4505,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - SaltStack Master (TCP,4505)",
+ "reference_id": "AC_AWS_0233",
+ "id": "AC_AWS_0233",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0234.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0234.json
new file mode 100755
index 000000000..57847ec3f
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0234.json
@@ -0,0 +1,20 @@
+{
+ "name": "port9200AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port9200AlbNetworkPortSecurity",
+ "portNumber": 9200,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Elasticsearch (TCP,9200)",
+ "reference_id": "AC_AWS_0234",
+ "id": "AC_AWS_0234",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0235.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0235.json
new file mode 100755
index 000000000..dfdbe7bc2
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0235.json
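Review bot: From AC_AWS_0233 onward the policy `name` (and the matching `template_args.name`) switches to the pattern `port4505AlbNetworkPortSecurity`, while AC_AWS_0227 through AC_AWS_0230 use `port22OpenToInternet`; every one of them targets `resource_type` `aws_security_group` and the same `portOpenToInternet.rego`, so the `Alb` suffix suggests a load-balancer scope these policies do not have. A consistent `port4505OpenToInternet` / `port9200OpenToInternet`, applied to AC_AWS_0234 through AC_AWS_0268 as well (keeping the `Udp` infix where `protocol` is `udp`), would make the generated rule names searchable and self-describing. If `template_args.name` is what the template renders into the rego rule name, both fields in each file need to change together.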
@@ -0,0 +1,20 @@
+{
+ "name": "port9300AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port9300AlbNetworkPortSecurity",
+ "portNumber": 9300,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Elasticsearch (TCP,9300)",
+ "reference_id": "AC_AWS_0235",
+ "id": "AC_AWS_0235",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0236.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0236.json
new file mode 100755
index 000000000..409b71b51
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0236.json
@@ -0,0 +1,20 @@
+{
+ "name": "port4506AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port4506AlbNetworkPortSecurity",
+ "portNumber": 4506,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - SaltStack Master (TCP,4506)",
+ "reference_id": "AC_AWS_0236",
+ "id": "AC_AWS_0236",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0237.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0237.json
new file mode 100755
index 000000000..089bc8369
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0237.json
@@ -0,0 +1,20 @@
+{
+ "name": "port3020AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port3020AlbNetworkPortSecurity",
+ "portNumber": 3020,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - CIFS / SMB (TCP,3020)",
+ "reference_id": "AC_AWS_0237",
+ "id": "AC_AWS_0237",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0238.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0238.json
new file mode 100755
index 000000000..faf15eccf
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0238.json
@@ -0,0 +1,20 @@
+{
+ "name": "port61621AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port61621AlbNetworkPortSecurity",
+ "portNumber": 61621,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Cassandra OpsCenter agent (TCP,61621)",
+ "reference_id": "AC_AWS_0238",
+ "id": "AC_AWS_0238",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0239.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0239.json
new file mode 100755
index 000000000..c4341fca3
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0239.json
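Review bot: AC_AWS_0237 labels TCP 3020 as `CIFS / SMB`, but the port that actually exposes SMB file shares directly is TCP 445, and no policy in this set covers it (NetBIOS session on 139 is handled later by AC_AWS_0258, 445 is not). Either narrow the text to what is really checked, `"description": "Security Groups - Unrestricted Specific Ports - CIFS (TCP,3020)"`, or add a sibling policy for TCP 445 so the SMB case the description promises is genuinely enforced. As written, a reader scanning the policy list would reasonably assume SMB exposure is detected when it is not.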
@@ -0,0 +1,20 @@
+{
+ "name": "port7001AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port7001AlbNetworkPortSecurity",
+ "portNumber": 7001,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Cassandra (TCP,7001)",
+ "reference_id": "AC_AWS_0239",
+ "id": "AC_AWS_0239",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0240.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0240.json
new file mode 100755
index 000000000..09abb54e3
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0240.json
@@ -0,0 +1,20 @@
+{
+ "name": "port9000AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port9000AlbNetworkPortSecurity",
+ "portNumber": 9000,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Hadoop Name Node (TCP,9000)",
+ "reference_id": "AC_AWS_0240",
+ "id": "AC_AWS_0240",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0241.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0241.json
new file mode 100755
index 000000000..286d01f8c
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0241.json
@@ -0,0 +1,20 @@
+{
+ "name": "port8000AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port8000AlbNetworkPortSecurity",
+ "portNumber": 8000,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Known internal web port (TCP,8000)",
+ "reference_id": "AC_AWS_0241",
+ "id": "AC_AWS_0241",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0242.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0242.json
new file mode 100755
index 000000000..dfa642c2f
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0242.json
@@ -0,0 +1,20 @@
+{
+ "name": "port8080AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port8080AlbNetworkPortSecurity",
+ "portNumber": 8080,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Known internal web port (TCP,8080)",
+ "reference_id": "AC_AWS_0242",
+ "id": "AC_AWS_0242",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0243.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0243.json
new file mode 100755
index 000000000..0dcd75787
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0243.json
@@ -0,0 +1,20 @@
+{
+ "name": "port636AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port636AlbNetworkPortSecurity",
+ "portNumber": 636,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - LDAP SSL (TCP,636)",
+ "reference_id": "AC_AWS_0243",
+ "id": "AC_AWS_0243",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0244.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0244.json
new file mode 100755
index 000000000..c431cecc4
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0244.json
@@ -0,0 +1,20 @@
+{
+ "name": "port1434AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port1434AlbNetworkPortSecurity",
+ "portNumber": 1434,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - MSSQL Admin (TCP,1434)",
+ "reference_id": "AC_AWS_0244",
+ "id": "AC_AWS_0244",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0245.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0245.json
new file mode 100755
index 000000000..9a9fccd38
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0245.json
@@ -0,0 +1,20 @@
+{
+ "name": "port1434UdpAlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port1434UdpAlbNetworkPortSecurity",
+ "portNumber": 1434,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - MSSQL Browser Service (UDP,1434)",
+ "reference_id": "AC_AWS_0245",
+ "id": "AC_AWS_0245",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0246.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0246.json
new file mode 100755
index 000000000..057e4cb81
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0246.json
@@ -0,0 +1,20 @@
+{
+ "name": "port135AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port135AlbNetworkPortSecurity",
+ "portNumber": 135,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - MSSQL Debugger (TCP,135)",
+ "reference_id": "AC_AWS_0246",
+ "id": "AC_AWS_0246",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0247.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0247.json
new file mode 100755
index 000000000..ce7d2365b
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0247.json
@@ -0,0 +1,20 @@
+{
+ "name": "port1433AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port1433AlbNetworkPortSecurity",
+ "portNumber": 1433,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - MSSQL Server (TCP,1433)",
+ "reference_id": "AC_AWS_0247",
+ "id": "AC_AWS_0247",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0248.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0248.json
new file mode 100755
index 000000000..ffb94886f
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0248.json
@@ -0,0 +1,20 @@
+{
+ "name": "port11214AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port11214AlbNetworkPortSecurity",
+ "portNumber": 11214,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Memcached SSL (TCP,11214)",
+ "reference_id": "AC_AWS_0248",
+ "id": "AC_AWS_0248",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0249.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0249.json
new file mode 100755
index 000000000..bc95a74b0
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0249.json
@@ -0,0 +1,20 @@
+{
+ "name": "port11215AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port11215AlbNetworkPortSecurity",
+ "portNumber": 11215,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Memcached SSL (TCP,11215)",
+ "reference_id": "AC_AWS_0249",
+ "id": "AC_AWS_0249",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0250.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0250.json
new file mode 100755
index 000000000..aa6c6c12a
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0250.json
@@ -0,0 +1,20 @@
+{
+ "name": "port11214UdpAlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port11214UdpAlbNetworkPortSecurity",
+ "portNumber": 11214,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Memcached SSL (UDP,11214)",
+ "reference_id": "AC_AWS_0250",
+ "id": "AC_AWS_0250",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0251.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0251.json
new file mode 100755
index 000000000..fb2b716b7
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0251.json
@@ -0,0 +1,20 @@
+{
+ "name": "port11215UdpAlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port11215UdpAlbNetworkPortSecurity",
+ "portNumber": 11215,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Memcached SSL (UDP,11215)",
+ "reference_id": "AC_AWS_0251",
+ "id": "AC_AWS_0251",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0252.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0252.json
new file mode 100755
index 000000000..1ca722981
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0252.json
@@ -0,0 +1,20 @@
+{
+ "name": "port27018AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port27018AlbNetworkPortSecurity",
+ "portNumber": 27018,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Mongo Web Portal (TCP,27018)",
+ "reference_id": "AC_AWS_0252",
+ "id": "AC_AWS_0252",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0253.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0253.json
new file mode 100755
index 000000000..3b77e7359
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0253.json
@@ -0,0 +1,20 @@
+{
+ "name": "port3306AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port3306AlbNetworkPortSecurity",
+ "portNumber": 3306,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - MySQL (TCP,3306)",
+ "reference_id": "AC_AWS_0253",
+ "id": "AC_AWS_0253",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0254.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0254.json
new file mode 100755
index 000000000..769736bf3
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0254.json
@@ -0,0 +1,20 @@
+{
+ "name": "port137AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port137AlbNetworkPortSecurity",
+ "portNumber": 137,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - NetBIOS Name Service (TCP,137)",
+ "reference_id": "AC_AWS_0254",
+ "id": "AC_AWS_0254",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0255.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0255.json
new file mode 100755
index 000000000..6e5b15ec7
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0255.json
@@ -0,0 +1,20 @@
+{
+ "name": "port137UdpAlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port137UdpAlbNetworkPortSecurity",
+ "portNumber": 137,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - NetBIOS Name Service (UDP,137)",
+ "reference_id": "AC_AWS_0255",
+ "id": "AC_AWS_0255",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0256.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0256.json
new file mode 100755
index 000000000..f726703bb
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0256.json
@@ -0,0 +1,20 @@
+{
+ "name": "port138AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port138AlbNetworkPortSecurity",
+ "portNumber": 138,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - NetBIOS Datagram Service (TCP,138)",
+ "reference_id": "AC_AWS_0256",
+ "id": "AC_AWS_0256",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0257.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0257.json
new file mode 100755
index 000000000..b0d7857a2
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0257.json
@@ -0,0 +1,20 @@
+{
+ "name": "port138UdpAlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port138UdpAlbNetworkPortSecurity",
+ "portNumber": 138,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - NetBIOS Datagram Service (UDP,138)",
+ "reference_id": "AC_AWS_0257",
+ "id": "AC_AWS_0257",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0258.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0258.json
new file mode 100755
index 000000000..8d8874aa3
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0258.json
@@ -0,0 +1,20 @@
+{
+ "name": "port139AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port139AlbNetworkPortSecurity",
+ "portNumber": 139,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - NetBIOS Session Service (TCP,139)",
+ "reference_id": "AC_AWS_0258",
+ "id": "AC_AWS_0258",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0259.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0259.json
new file mode 100755
index 000000000..462a134f0
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0259.json
@@ -0,0 +1,20 @@
+{
+ "name": "port139UdpAlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port139UdpAlbNetworkPortSecurity",
+ "portNumber": 139,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - NetBIOS Session Service (UDP,139)",
+ "reference_id": "AC_AWS_0259",
+ "id": "AC_AWS_0259",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0260.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0260.json
new file mode 100755
index 000000000..19db0fb92
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0260.json
@@ -0,0 +1,20 @@
+{
+ "name": "port2484AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port2484AlbNetworkPortSecurity",
+ "portNumber": 2484,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Oracle DB SSL (TCP,2484)",
+ "reference_id": "AC_AWS_0260",
+ "id": "AC_AWS_0260",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0261.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0261.json
new file mode 100755
index 000000000..ba908b5fc
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0261.json
@@ -0,0 +1,20 @@
+{
+ "name": "port2484UdpAlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port2484UdpAlbNetworkPortSecurity",
+ "portNumber": 2484,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Oracle DB SSL (UDP,2484)",
+ "reference_id": "AC_AWS_0261",
+ "id": "AC_AWS_0261",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0262.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0262.json
new file mode 100755
index 000000000..716783c77
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0262.json
@@ -0,0 +1,20 @@
+{
+ "name": "port5432AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port5432AlbNetworkPortSecurity",
+ "portNumber": 5432,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Postgres SQL (TCP,5432)",
+ "reference_id": "AC_AWS_0262",
+ "id": "AC_AWS_0262",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0263.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0263.json
new file mode 100755
index 000000000..3eacdcd27
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0263.json
@@ -0,0 +1,20 @@
+{
+ "name": "port5432UdpAlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port5432UdpAlbNetworkPortSecurity",
+ "portNumber": 5432,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Postgres SQL (UDP,5432)",
+ "reference_id": "AC_AWS_0263",
+ "id": "AC_AWS_0263",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0264.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0264.json
new file mode 100755
index 000000000..09af243c3
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0264.json
@@ -0,0 +1,20 @@
+{
+ "name": "port3000AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port3000AlbNetworkPortSecurity",
+ "portNumber": 3000,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Prevalent known internal port (TCP,3000)",
+ "reference_id": "AC_AWS_0264",
+ "id": "AC_AWS_0264",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0265.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0265.json
new file mode 100755
index 000000000..2f1be6d7b
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0265.json
@@ -0,0 +1,20 @@
+{
+ "name": "port8140AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port8140AlbNetworkPortSecurity",
+ "portNumber": 8140,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Puppet Master (TCP,8140)",
+ "reference_id": "AC_AWS_0265",
+ "id": "AC_AWS_0265",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0266.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0266.json
new file mode 100755
index 000000000..8ed6291b9
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0266.json
@@ -0,0 +1,20 @@
+{
+ "name": "port161UdpAlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port161UdpAlbNetworkPortSecurity",
+ "portNumber": 161,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - SNMP (UDP,161)",
+ "reference_id": "AC_AWS_0266",
+ "id": "AC_AWS_0266",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0267.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0267.json
new file mode 100755
index 000000000..cc799c8bc
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0267.json
@@ -0,0 +1,20 @@
+{
+ "name": "port2382AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port2382AlbNetworkPortSecurity",
+ "portNumber": 2382,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - SQL Server Analysis Service browser (TCP,2382)",
+ "reference_id": "AC_AWS_0267",
+ "id": "AC_AWS_0267",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0268.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0268.json
new file mode 100755
index 000000000..d14541fa8
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0268.json
@@ -0,0 +1,20 @@
+{
+ "name": "port2383AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port2383AlbNetworkPortSecurity",
+ "portNumber": 2383,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - SQL Server Analysis Services (TCP,2383)",
+ "reference_id": "AC_AWS_0268",
+ "id": "AC_AWS_0268",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0269.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0269.json
new file mode 100755
index 000000000..536761abc
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0269.json
@@ -0,0 +1,20 @@
+{
+ "name": "port4505AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port4505AlbNetworkPortSecurity",
+ "portNumber": 4505,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - SaltStack Master (TCP,4505)",
+ "reference_id": "AC_AWS_0269",
+ "id": "AC_AWS_0269",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0270.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0270.json
new file mode 100755
index 000000000..23f081b3d
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0270.json
@@ -0,0 +1,20 @@
+{
+ "name": "port1521AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port1521AlbNetworkPortSecurity",
+ "portNumber": 1521,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Oracle Database Server (TCP,1521)",
+ "reference_id": "AC_AWS_0270",
+ "id": "AC_AWS_0270",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0271.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0271.json
new file mode 100755
index 000000000..01e8a93f8
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0271.json
@@ -0,0 +1,20 @@
+{
+ "name": "port23AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port23AlbNetworkPortSecurity",
+ "portNumber": 23,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - Telnet (TCP,23)",
+ "reference_id": "AC_AWS_0271",
+ "id": "AC_AWS_0271",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0272.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0272.json
new file mode 100755
index 000000000..96622e45c
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0272.json
@@ -0,0 +1,20 @@
+{
+ "name": "port25AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port25AlbNetworkPortSecurity",
+ "portNumber": 25,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - SMTP (TCP,25)",
+ "reference_id": "AC_AWS_0272",
+ "id": "AC_AWS_0272",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0273.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0273.json
new file mode 100755
index 000000000..7125f3ea6
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0273.json
@@ -0,0 +1,20 @@
+{
+ "name": "port445AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port445AlbNetworkPortSecurity",
+ "portNumber": 445,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - CIFS for file/printer (TCP,445)",
+ "reference_id": "AC_AWS_0273",
+ "id": "AC_AWS_0273",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0274.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0274.json
new file mode 100755
index 000000000..771a6b27b
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0274.json
@@ -0,0 +1,20 @@
+{
+ "name": "port27017AlbNetworkPortSecurity",
+ "file": "portOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port27017AlbNetworkPortSecurity",
+ "portNumber": 27017,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Security Groups - Unrestricted Specific Ports - MongoDB (TCP,27017)",
+ "reference_id": "AC_AWS_0274",
+ "id": "AC_AWS_0274",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0275.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0275.json
new file mode 100755
index 000000000..541eef341
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0275.json
@@ -0,0 +1,17 @@
+{
+ "name": "portWideOpenToPublic",
+ "file": "portWideOpenToPublic.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "name": "portWideOpenToPublic",
+ "prefix": "",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Ensure no security groups is wide open to public, that is, allows traffic from 0.0.0.0/0 to ALL ports and protocols",
+ "reference_id": "AC_AWS_0275",
+ "id": "AC_AWS_0275",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0276.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0276.json
new file mode 100755
index 000000000..6ae6b13a4
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0276.json
@@ -0,0 +1,57 @@
+{
+ "name": "unknownPortOpenToInternet",
+ "file": "unknownPortOpenToInternet.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "known_ports": [
+ "0",
+ "22",
+ "23",
+ "25",
+ "80",
+ "443",
+ "445",
+ "3389",
+ "4505",
+ "4506",
+ "3020",
+ "61621",
+ "7001",
+ "9000",
+ "8000",
+ "8080",
+ "636",
+ "1434",
+ "135",
+ "1433",
+ "11214",
+ "11215",
+ "27017",
+ "27018",
+ "3306",
+ "137",
+ "138",
+ "139",
+ "2484",
+ "5432",
+ "3000",
+ "8140",
+ "161",
+ "2382",
+ "2383",
+ "9300",
+ "9200"
+ ],
+ "name": "unknownPortOpenToInternet",
+ "prefix": "",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Ensure Unknown Port is not exposed to the entire internet",
+ "reference_id": "AC_AWS_0276",
+ "id": "AC_AWS_0276",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0277.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0277.json
new file mode 100755
index 000000000..1e23c3c01
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0277.json
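Review bot: The portWideOpenToPublic description names only `0.0.0.0/0`, but a security group rule with `ipv6_cidr_blocks = ["::/0"]` is just as open to the whole internet; if portWideOpenToPublic.rego (not in this diff) only inspects `cidr_blocks`, the IPv6 case is missed entirely, and either way the description should state the intended scope: `"description": "Ensure no security group is wide open to public, that is, allows traffic from 0.0.0.0/0 or ::/0 to ALL ports and protocols"`. This entry is also the only one in the series whose `template_args` omits `defaultValue`; confirm the template does not reference it, since a missing argument would surface only at render time.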
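Review bot: `known_ports` in AC_AWS_0276 is a list of strings (`"22"`, `"3306"`, …) while every sibling policy passes `portNumber` as a JSON number; Rego does not coerce between the two, so if unknownPortOpenToInternet.rego compares numeric `from_port`/`to_port` values against these entries, nothing will ever match and every open port is reported as unknown — verify against the rego, which is not in this diff, and use numbers or a `to_number` conversion so the list and the compared value share a type. The list also omits 1521 even though AC_AWS_0270 on an earlier line gives Oracle its own policy, so an SG opening Oracle would presumably be reported twice (as a known port and as an unknown one); adding `"1521",` keeps the two policies disjoint. Listing `"0"` as known likewise relies on portWideOpenToPublic catching `from_port = 0` rules, which is worth a comment in the policy README since JSON cannot carry one here.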
@@ -0,0 +1,20 @@
+{
+ "name": "port4505AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port4505AlbNetworkPortSecurityPublicScope",
+ "portNumber": 4505,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure SaltStack Master (TCP,4505) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0277",
+ "id": "AC_AWS_0277",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0278.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0278.json
new file mode 100755
index 000000000..75bb9d2a9
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0278.json
@@ -0,0 +1,20 @@
+{
+ "name": "port4506AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port4506AlbNetworkPortSecurityPublicScope",
+ "portNumber": 4506,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure SaltStack Master (TCP,4506) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0278",
+ "id": "AC_AWS_0278",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0279.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0279.json
new file mode 100755
index 000000000..03beebdd3
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0279.json
@@ -0,0 +1,20 @@
+{
+ "name": "port3020AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port3020AlbNetworkPortSecurityPublicScope",
+ "portNumber": 3020,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure CIFS / SMB (TCP,3020) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0279",
+ "id": "AC_AWS_0279",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0280.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0280.json
new file mode 100755
index 000000000..2cf8d79c0
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0280.json
@@ -0,0 +1,20 @@
+{
+ "name": "port61621AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port61621AlbNetworkPortSecurityPublicScope",
+ "portNumber": 61621,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Cassandra OpsCenter agent port (TCP,61621) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0280",
+ "id": "AC_AWS_0280",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0281.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0281.json
new file mode 100755
index 000000000..a36faedc1
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0281.json
@@ -0,0 +1,20 @@
+{
+ "name": "port7001AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port7001AlbNetworkPortSecurityPublicScope",
+ "portNumber": 7001,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Cassandra (TCP,7001) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0281",
+ "id": "AC_AWS_0281",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0282.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0282.json
new file mode 100755
index 000000000..cd433f0b0
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0282.json
@@ -0,0 +1,20 @@
+{
+ "name": "port9000AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port9000AlbNetworkPortSecurityPublicScope",
+ "portNumber": 9000,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Hadoop Name Node (TCP,9000) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0282",
+ "id": "AC_AWS_0282",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0283.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0283.json
new file mode 100755
index 000000000..4fd307104
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0283.json
@@ -0,0 +1,20 @@
+{
+ "name": "port8000AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port8000AlbNetworkPortSecurityPublicScope",
+ "portNumber": 8000,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Known internal web port (TCP,8000) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0283",
+ "id": "AC_AWS_0283",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0284.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0284.json
new file mode 100755
index 000000000..bd79de749
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0284.json
@@ -0,0 +1,20 @@
+{
+ "name": "port8080AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port8080AlbNetworkPortSecurityPublicScope",
+ "portNumber": 8080,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Known internal web port (TCP,8080) is not accessible by a CIDR block range",
+ "reference_id": "AC_AWS_0284",
+ "id": "AC_AWS_0284",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0285.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0285.json
new file mode 100755
index 000000000..154be0539
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0285.json
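Review bot: The AC_AWS_0284 description drops the word "public" that every other policy on the portsAlbNetworkPortSecurityPublicScope.rego template carries: `Ensure Known internal web port (TCP,8080) is not accessible by a CIDR block range` reads as though any CIDR source is a finding, which is not what the template name or the sibling AC_AWS_0283 on this same line say. Since the description is what ends up in the scan report, change it to `"description": "Ensure Known internal web port (TCP,8080) is not accessible by a public CIDR block range"` so the finding text matches the check actually performed.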
@@ -0,0 +1,20 @@
+{
+ "name": "port636AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port636AlbNetworkPortSecurityPublicScope",
+ "portNumber": 636,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure LDAP SSL (TCP,636) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0285",
+ "id": "AC_AWS_0285",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0286.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0286.json
new file mode 100755
index 000000000..bbf5d4524
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0286.json
@@ -0,0 +1,20 @@
+{
+ "name": "port1434AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port1434AlbNetworkPortSecurityPublicScope",
+ "portNumber": 1434,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure MSSQL Admin (TCP,1434) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0286",
+ "id": "AC_AWS_0286",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0287.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0287.json
new file mode 100755
index 000000000..278f00ebb
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0287.json
@@ -0,0 +1,20 @@
+{
+ "name": "port1434UdpAlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port1434UdpAlbNetworkPortSecurityPublicScope",
+ "portNumber": 1434,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure MSSQL Browser Service (UDP,1434) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0287",
+ "id": "AC_AWS_0287",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0288.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0288.json
new file mode 100755
index 000000000..e40cbca1b
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0288.json
@@ -0,0 +1,20 @@
+{
+ "name": "port135AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port135AlbNetworkPortSecurityPublicScope",
+ "portNumber": 135,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure MSSQL Debugger (TCP,135) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0288",
+ "id": "AC_AWS_0288",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0289.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0289.json
new file mode 100755
index 000000000..e9c86f7a1
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0289.json
@@ -0,0 +1,20 @@
+{
+ "name": "port1433AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port1433AlbNetworkPortSecurityPublicScope",
+ "portNumber": 1433,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure MSSQL Server (TCP,1433) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0289",
+ "id": "AC_AWS_0289",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0290.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0290.json
new file mode 100755
index 000000000..cf1bbb268
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0290.json
@@ -0,0 +1,20 @@
+{
+ "name": "port11214AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port11214AlbNetworkPortSecurityPublicScope",
+ "portNumber": 11214,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Memcached SSL (TCP,11214) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0290",
+ "id": "AC_AWS_0290",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0291.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0291.json
new file mode 100755
index 000000000..fbf28b943
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0291.json
@@ -0,0 +1,20 @@
+{
+ "name": "port11215AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port11215AlbNetworkPortSecurityPublicScope",
+ "portNumber": 11215,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Memcached SSL (TCP,11215) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0291",
+ "id": "AC_AWS_0291",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0292.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0292.json
new file mode 100755
index 000000000..171fe6fdd
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0292.json
@@ -0,0 +1,20 @@
+{
+ "name": "port11214UdpAlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port11214UdpAlbNetworkPortSecurityPublicScope",
+ "portNumber": 11214,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Memcached SSL (UDP,11214) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0292",
+ "id": "AC_AWS_0292",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0293.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0293.json
new file mode 100755
index 000000000..8dcf4a3ae
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0293.json
@@ -0,0 +1,20 @@
+{
+ "name": "port11215UdpAlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port11215UdpAlbNetworkPortSecurityPublicScope",
+ "portNumber": 11215,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Memcached SSL (UDP,11215) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0293",
+ "id": "AC_AWS_0293",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0294.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0294.json
new file mode 100755
index 000000000..a7905b3de
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0294.json
@@ -0,0 +1,20 @@
+{
+ "name": "port27018AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port27018AlbNetworkPortSecurityPublicScope",
+ "portNumber": 27018,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Mongo Web Portal (TCP,27018) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0294",
+ "id": "AC_AWS_0294",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0295.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0295.json
new file mode 100755
index 000000000..ef8242dfe
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0295.json
@@ -0,0 +1,20 @@
+{
+ "name": "port3306AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port3306AlbNetworkPortSecurityPublicScope",
+ "portNumber": 3306,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure MySQL (TCP,3306) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0295",
+ "id": "AC_AWS_0295",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0296.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0296.json
new file mode 100755
index 000000000..7285bc5d8
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0296.json
@@ -0,0 +1,20 @@
+{
+ "name": "port137AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port137AlbNetworkPortSecurityPublicScope",
+ "portNumber": 137,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure NetBIOS Name Service (TCP,137) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0296",
+ "id": "AC_AWS_0296",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0297.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0297.json
new file mode 100755
index 000000000..60ed6aa4f
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0297.json
@@ -0,0 +1,20 @@
+{
+ "name": "port137UdpAlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port137UdpAlbNetworkPortSecurityPublicScope",
+ "portNumber": 137,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure NetBIOS Name Service (UDP,137) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0297",
+ "id": "AC_AWS_0297",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0298.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0298.json
new file mode 100755
index 000000000..66f150580
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0298.json
@@ -0,0 +1,20 @@
+{
+ "name": "port138AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port138AlbNetworkPortSecurityPublicScope",
+ "portNumber": 138,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure NetBios Datagram Service (TCP,138) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0298",
+ "id": "AC_AWS_0298",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0299.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0299.json
new file mode 100755
index 000000000..d67f5a100
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0299.json
@@ -0,0 +1,20 @@
+{
+ "name": "port138UdpAlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port138UdpAlbNetworkPortSecurityPublicScope",
+ "portNumber": 138,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure NetBios Datagram Service (UDP,138) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0299",
+ "id": "AC_AWS_0299",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0300.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0300.json
new file mode 100755
index 000000000..0d1f1855a
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0300.json
@@ -0,0 +1,20 @@
+{
+ "name": "port139AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port139AlbNetworkPortSecurityPublicScope",
+ "portNumber": 139,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure NetBios Session Service (TCP,139) is not accessible by a CIDR block range",
+ "reference_id": "AC_AWS_0300",
+ "id": "AC_AWS_0300",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0301.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0301.json
new file mode 100755
index 000000000..99bd4c95d
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0301.json
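Review bot: The AC_AWS_0300 description omits "public", unlike the AC_AWS_0299 entry at the start of this line and the rest of the PublicScope series: `Ensure NetBios Session Service (TCP,139) is not accessible by a CIDR block range` overstates the check, since any ingress rule necessarily has some CIDR or source. Change it to `"description": "Ensure NetBios Session Service (TCP,139) is not accessible by a public CIDR block range"` so the reported finding matches the template's public-range scope. Separately, NetBIOS datagram service (138) is UDP-only and session service (139) is TCP-only, so the TCP/138 policy at the end of the previous line and the UDP/139 policy that follows would flag rules that expose no NetBIOS service; if they are kept, their severity should reflect that.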
@@ -0,0 +1,20 @@
+{
+ "name": "port139UdpAlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port139UdpAlbNetworkPortSecurityPublicScope",
+ "portNumber": 139,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure NetBios Session Service (UDP,139) is not accessible by a CIDR block range",
+ "reference_id": "AC_AWS_0301",
+ "id": "AC_AWS_0301",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0302.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0302.json
new file mode 100755
index 000000000..77ec78aff
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0302.json
@@ -0,0 +1,20 @@
+{
+ "name": "port2484AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port2484AlbNetworkPortSecurityPublicScope",
+ "portNumber": 2484,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Oracle DB SSL (TCP,2484) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0302",
+ "id": "AC_AWS_0302",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0303.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0303.json
new file mode 100755
index 000000000..d1425bed0
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0303.json
@@ -0,0 +1,20 @@
+{
+ "name": "port2484UdpAlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port2484UdpAlbNetworkPortSecurityPublicScope",
+ "portNumber": 2484,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Oracle DB SSL (UDP,2484) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0303",
+ "id": "AC_AWS_0303",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0304.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0304.json
new file mode 100755
index 000000000..f8afc5698
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0304.json
@@ -0,0 +1,20 @@
+{
+ "name": "port5432AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port5432AlbNetworkPortSecurityPublicScope",
+ "portNumber": 5432,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Postgres SQL (TCP,5432) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0304",
+ "id": "AC_AWS_0304",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0305.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0305.json
new file mode 100755
index 000000000..d25dd9cfc
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0305.json
@@ -0,0 +1,20 @@
+{
+ "name": "port5432UdpAlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port5432UdpAlbNetworkPortSecurityPublicScope",
+ "portNumber": 5432,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Postgres SQL (UDP,5432) is not accessible by a CIDR block range",
+ "reference_id": "AC_AWS_0305",
+ "id": "AC_AWS_0305",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0306.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0306.json
new file mode 100755
index 000000000..2e4eaaf89
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0306.json
@@ -0,0 +1,20 @@
+{
+ "name": "port3000AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port3000AlbNetworkPortSecurityPublicScope",
+ "portNumber": 3000,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Prevalent known internal port (TCP,3000) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0306",
+ "id": "AC_AWS_0306",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0307.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0307.json
new file mode 100755
index 000000000..49b5ab7e3
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0307.json
@@ -0,0 +1,20 @@
+{
+ "name": "port8140AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port8140AlbNetworkPortSecurityPublicScope",
+ "portNumber": 8140,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure Puppet Master (TCP:8140) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0307",
+ "id": "AC_AWS_0307",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0308.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0308.json
new file mode 100755
index 000000000..5a396dd50
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0308.json
@@ -0,0 +1,20 @@
+{
+ "name": "port161UdpAlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port161UdpAlbNetworkPortSecurityPublicScope",
+ "portNumber": 161,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure SNMP (UDP,161) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0308",
+ "id": "AC_AWS_0308",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0309.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0309.json
new file mode 100755
index 000000000..6518c8eff
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0309.json
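Review bot: The description of AC_AWS_0307 writes the port as "(TCP:8140)" with a colon, while every other rule in this family uses the "(PROTO,PORT)" form, e.g. "(UDP,161)" in AC_AWS_0308 on the same line. Tooling or reports that group findings by the "(TCP,port)" token will miss this one. Suggested line: `"description": "Ensure Puppet Master (TCP,8140) is not accessible by a public CIDR block range",`.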
@@ -0,0 +1,20 @@
+{
+ "name": "port2382AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port2382AlbNetworkPortSecurityPublicScope",
+ "portNumber": 2382,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure SQL Server Analysis Service browser (TCP,2382) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0309",
+ "id": "AC_AWS_0309",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0310.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0310.json
new file mode 100755
index 000000000..558d2ca8c
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0310.json
@@ -0,0 +1,20 @@
+{
+ "name": "port2383AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port2383AlbNetworkPortSecurityPublicScope",
+ "portNumber": 2383,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure SQL Server Analysis Services (TCP,2383) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0310",
+ "id": "AC_AWS_0310",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0311.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0311.json
new file mode 100755
index 000000000..e6cd49e50
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0311.json
@@ -0,0 +1,20 @@
+{
+ "name": "port4505AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port4505AlbNetworkPortSecurityPublicScope",
+ "portNumber": 4505,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "MEDIUM",
+ "description": "Ensure SaltStack Master (TCP,4505) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0311",
+ "id": "AC_AWS_0311",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0312.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0312.json
new file mode 100755
index 000000000..201bae32e
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0312.json
@@ -0,0 +1,20 @@
+{
+ "name": "port1521AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port1521AlbNetworkPortSecurityPublicScope",
+ "portNumber": 1521,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Ensure Oracle Database Server (TCP,1521) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0312",
+ "id": "AC_AWS_0312",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0313.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0313.json
new file mode 100755
index 000000000..7256dc800
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0313.json
@@ -0,0 +1,20 @@
+{
+ "name": "port23AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port23AlbNetworkPortSecurityPublicScope",
+ "portNumber": 23,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Ensure Telnet (TCP,23) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0313",
+ "id": "AC_AWS_0313",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0314.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0314.json
new file mode 100755
index 000000000..ace459c8f
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0314.json
@@ -0,0 +1,20 @@
+{
+ "name": "port25AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port25AlbNetworkPortSecurityPublicScope",
+ "portNumber": 25,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Ensure SMTP (TCP,25) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0314",
+ "id": "AC_AWS_0314",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0315.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0315.json
new file mode 100755
index 000000000..135a55d89
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0315.json
@@ -0,0 +1,20 @@
+{
+ "name": "port445AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port445AlbNetworkPortSecurityPublicScope",
+ "portNumber": 445,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Ensure CIFS for file/printer (TCP,445) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0315",
+ "id": "AC_AWS_0315",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0316.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0316.json
new file mode 100755
index 000000000..b47697d1b
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0316.json
@@ -0,0 +1,20 @@
+{
+ "name": "port27017AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port27017AlbNetworkPortSecurityPublicScope",
+ "portNumber": 27017,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Ensure MongoDB (TCP,27017) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0316",
+ "id": "AC_AWS_0316",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0317.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0317.json
new file mode 100755
index 000000000..03c7ae2ab
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0317.json
@@ -0,0 +1,20 @@
+{
+ "name": "port9200AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port9200AlbNetworkPortSecurityPublicScope",
+ "portNumber": 9200,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Ensure Elasticsearch (TCP,9200) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0317",
+ "id": "AC_AWS_0317",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0318.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0318.json
new file mode 100755
index 000000000..dbbd64ba1
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0318.json
@@ -0,0 +1,20 @@
+{
+ "name": "port9300AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port9300AlbNetworkPortSecurityPublicScope",
+ "portNumber": 9300,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "HIGH",
+ "description": "Ensure Elasticsearch (TCP,9300) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0318",
+ "id": "AC_AWS_0318",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0319.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0319.json
new file mode 100755
index 000000000..7677c8011
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0319.json
@@ -0,0 +1,20 @@
+{
+ "name": "port22AlbNetworkPortSecurityPublicScope",
+ "file": "portsAlbNetworkPortSecurityPublicScope.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "port22AlbNetworkPortSecurityPublicScope",
+ "portNumber": 22,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure SSH (TCP,22) is not accessible by a public CIDR block range",
+ "reference_id": "AC_AWS_0319",
+ "id": "AC_AWS_0319",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0320.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0320.json
new file mode 100755
index 000000000..0e82dcbf6
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0320.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort22ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort22ExposedToprivate",
+ "portNumber": 22,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports SSH (TCP,22) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0320",
+ "id": "AC_AWS_0320",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0321.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0321.json
new file mode 100755
index 000000000..11b6a7e09
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0321.json
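Review bot: AC_AWS_0319 rates SSH (TCP,22) reachable from a public CIDR range as `"severity": "LOW"`, whereas the sibling rules generated from the same portsAlbNetworkPortSecurityPublicScope.rego template rate Telnet/23, SMTP/25, CIFS/445, MongoDB/27017 and Elasticsearch/9200 and 9300 as HIGH. An internet-reachable SSH listener is the classic brute-force and credential-stuffing target, so a LOW rating here will push it below the other findings in any severity-sorted report. If LOW is intentional (for example because a separate rule already covers 22 at HIGH), the reason is worth recording in the description; otherwise `"severity": "HIGH",` keeps the family consistent.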
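Review bot: The description of AC_AWS_0320, "is not exposed to private hosts more than 32", does not say what the 32 counts — a number of hosts, or a CIDR prefix length — so a reader cannot tell from the metadata what condition the rule flags, and the same phrase is repeated in every rule generated from networkPortExposedToPrivate.rego through AC_AWS_0340. The template itself is outside this diff, so I cannot confirm which it is; whichever it is, the description should state it explicitly, e.g. `"description": "Ensure SSH (TCP,22) is not exposed to a private CIDR range wider than <threshold-from-template>",` with the placeholder filled in from the rego. Separately, the name `networkPort22ExposedToprivate` lowercases "private" while the referenced file is networkPortExposedToPrivate.rego; `networkPort22ExposedToPrivate` would match.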
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort80ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort80ExposedToprivate",
+ "portNumber": 80,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports http (TCP,80) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0321",
+ "id": "AC_AWS_0321",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0322.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0322.json
new file mode 100755
index 000000000..a74d396b3
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0322.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort443ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort443ExposedToprivate",
+ "portNumber": 443,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports https (TCP,443) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0322",
+ "id": "AC_AWS_0322",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0323.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0323.json
new file mode 100755
index 000000000..8bf75c081
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0323.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort3389ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort3389ExposedToprivate",
+ "portNumber": 3389,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports remote desktop port (TCP,3389) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0323",
+ "id": "AC_AWS_0323",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0324.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0324.json
new file mode 100755
index 000000000..98dfcb7c5
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0324.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort9200ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort9200ExposedToprivate",
+ "portNumber": 9200,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports Elasticsearch (TCP,9200) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0324",
+ "id": "AC_AWS_0324",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0325.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0325.json
new file mode 100755
index 000000000..3d2a4dc4c
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0325.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort4506ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort4506ExposedToprivate",
+ "portNumber": 4506,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports SaltStackMaster (TCP,4506) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0325",
+ "id": "AC_AWS_0325",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0326.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0326.json
new file mode 100755
index 000000000..37eebe846
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0326.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort61621ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort61621ExposedToprivate",
+ "portNumber": 61621,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports CassandraOpsCenteragent (TCP,61621) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0326",
+ "id": "AC_AWS_0326",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0327.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0327.json
new file mode 100755
index 000000000..5940564f8
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0327.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort8080ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort8080ExposedToprivate",
+ "portNumber": 8080,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports Knowninternalwebport (TCP,8080) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0327",
+ "id": "AC_AWS_0327",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0328.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0328.json
new file mode 100755
index 000000000..669d77c82
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0328.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort1434ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort1434ExposedToprivate",
+ "portNumber": 1434,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports MSSQLAdmin (TCP,1434) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0328",
+ "id": "AC_AWS_0328",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0329.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0329.json
new file mode 100755
index 000000000..204dae356
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0329.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort1434ExposedToprivateU",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort1434ExposedToprivateU",
+ "portNumber": 1434,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports MSSQLBrowserService (UDP,1434) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0329",
+ "id": "AC_AWS_0329",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0330.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0330.json
new file mode 100755
index 000000000..5f65d11d7
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0330.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort135ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort135ExposedToprivate",
+ "portNumber": 135,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports MSSQLDebugger (TCP,135) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0330",
+ "id": "AC_AWS_0330",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0331.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0331.json
new file mode 100755
index 000000000..e8023245f
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0331.json
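Review bot: AC_AWS_0329 distinguishes its UDP variant from the TCP rule on port 1434 only by a trailing "U" in `"name": "networkPort1434ExposedToprivateU"`, while the other template family in this commit spells the protocol out as an infix (e.g. `port137UdpAlbNetworkPortSecurityPublicScope`). The same single-letter suffix is used by AC_AWS_0334 and AC_AWS_0335 for ports 11214/11215. Since `name` is also passed as a template argument and presumably becomes the rule identifier in output, a self-describing form such as `"name": "networkPort1434UdpExposedToPrivate"` (applied to both `name` fields) would make the UDP rules recognisable without opening the file.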
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort1433ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort1433ExposedToprivate",
+ "portNumber": 1433,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports MSSQLServer (TCP,1433) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0331",
+ "id": "AC_AWS_0331",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0332.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0332.json
new file mode 100755
index 000000000..568848f94
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0332.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort11214ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort11214ExposedToprivate",
+ "portNumber": 11214,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports MemcachedSSL (TCP,11214) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0332",
+ "id": "AC_AWS_0332",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0333.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0333.json
new file mode 100755
index 000000000..0c209713f
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0333.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort11215ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort11215ExposedToprivate",
+ "portNumber": 11215,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports MemcachedSSL (TCP,11215) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0333",
+ "id": "AC_AWS_0333",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0334.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0334.json
new file mode 100755
index 000000000..9046e3433
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0334.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort11214ExposedToprivateU",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort11214ExposedToprivateU",
+ "portNumber": 11214,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports MemcachedSSL (UDP,11214) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0334",
+ "id": "AC_AWS_0334",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0335.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0335.json
new file mode 100755
index 000000000..7bb6d8c39
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0335.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort11215ExposedToprivateU",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort11215ExposedToprivateU",
+ "portNumber": 11215,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports MemcachedSSL (UDP,11215) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0335",
+ "id": "AC_AWS_0335",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0336.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0336.json
new file mode 100755
index 000000000..3faeb7e44
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0336.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort3306ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort3306ExposedToprivate",
+ "portNumber": 3306,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Security Groups Unrestricted Specific Ports MySQL (TCP,3306) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0336",
+ "id": "AC_AWS_0336",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0337.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0337.json
new file mode 100755
index 000000000..ce2e06fa5
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0337.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort3020ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort3020ExposedToprivate",
+ "portNumber": 3020,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure CIFS/SMB' (TCP,3020) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0337",
+ "id": "AC_AWS_0337",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0338.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0338.json
new file mode 100755
index 000000000..c2b24fa6d
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0338.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort7001ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort7001ExposedToprivate",
+ "portNumber": 7001,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Cassandra' (TCP,7001) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0338",
+ "id": "AC_AWS_0338",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0339.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0339.json
new file mode 100755
index 000000000..63bb850da
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0339.json
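Review bot: The description `Ensure CIFS/SMB' (TCP,3020) ...` carries a stray closing apostrophe after the service name; the deleted file quoted it as `'CIFS / SMB'` and only the opening quote was dropped. The same leftover appears in every description from here through `AC_AWS_0363` (`Cassandra'`, `HadoopNameNode'`, `Knowninternalwebport'`, ...), and several service names were squashed into one word (`Knowninternalwebport`, `Prevalentknowninternalport`, `CIFSforfile/printer`), which makes the finding text hard to read in scan output. Suggest restoring the spacing and dropping the quote, e.g. `"description": "Ensure CIFS/SMB (TCP,3020) is not exposed to more than 32 private hosts"`; `AC_AWS_0340` in the next line's second hunk is also missing the verb (`... (TCP,8000) not exposed ...`).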
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort9000ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort9000ExposedToprivate",
+ "portNumber": 9000,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure HadoopNameNode' (TCP,9000) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0339",
+ "id": "AC_AWS_0339",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0340.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0340.json
new file mode 100755
index 000000000..353263215
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0340.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort8000ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort8000ExposedToprivate",
+ "portNumber": 8000,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Knowninternalwebport' (TCP,8000) not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0340",
+ "id": "AC_AWS_0340",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0341.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0341.json
new file mode 100755
index 000000000..82d669558
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0341.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort636ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort636ExposedToprivate",
+ "portNumber": 636,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure LDAPSSL' (TCP,636) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0341",
+ "id": "AC_AWS_0341",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0342.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0342.json
new file mode 100755
index 000000000..35d227aa7
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0342.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort27018ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort27018ExposedToprivate",
+ "portNumber": 27018,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure MongoWebPortal' (TCP,27018) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0342",
+ "id": "AC_AWS_0342",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0343.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0343.json
new file mode 100755
index 000000000..45910fb4b
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0343.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort137ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort137ExposedToprivate",
+ "portNumber": 137,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure NetBIOSNameService' (TCP,137) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0343",
+ "id": "AC_AWS_0343",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0344.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0344.json
new file mode 100755
index 000000000..bfa148185
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0344.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort137ExposedToprivateU",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort137ExposedToprivateU",
+ "portNumber": 137,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure NetBIOSNameService' (UDP,137) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0344",
+ "id": "AC_AWS_0344",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0345.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0345.json
new file mode 100755
index 000000000..66981e670
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0345.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort138ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort138ExposedToprivate",
+ "portNumber": 138,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure NetBIOSNameService' (UDP,137) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0345",
+ "id": "AC_AWS_0345",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0346.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0346.json
new file mode 100755
index 000000000..17aefb65d
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0346.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort138ExposedToprivateU",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort138ExposedToprivateU",
+ "portNumber": 138,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure NetBIOSDatagramService' (UDP,138) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0346",
+ "id": "AC_AWS_0346",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0347.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0347.json
new file mode 100755
index 000000000..db7590056
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0347.json
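Review bot: The description of `AC_AWS_0345` says `NetBIOSNameService' (UDP,137)` while its `template_args` set `portNumber` 138 and `protocol` `tcp`, so the reported finding will name the wrong service, port and protocol. It looks like a copy of the `AC_AWS_0344` text one hunk earlier; matching the sibling `AC_AWS_0346` in the second hunk on this line, it should read `"description": "Ensure NetBIOSDatagramService (TCP,138) is not exposed to private hosts more than 32"`. A scan result that names a different port than the rule actually checks sends an operator to the wrong security-group rule, so this one is worth fixing before release.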
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort139ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort139ExposedToprivate",
+ "portNumber": 139,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure NetBIOSSessionService' (TCP,139) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0347",
+ "id": "AC_AWS_0347",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0348.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0348.json
new file mode 100755
index 000000000..6254a081a
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0348.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort139ExposedToprivateU",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort139ExposedToprivateU",
+ "portNumber": 139,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure NetBIOSSessionService' (UDP,139) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0348",
+ "id": "AC_AWS_0348",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0349.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0349.json
new file mode 100755
index 000000000..16ba8e1c6
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0349.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort2484ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort2484ExposedToprivate",
+ "portNumber": 2484,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure OracleDBSSL' (TCP,2484) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0349",
+ "id": "AC_AWS_0349",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0350.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0350.json
new file mode 100755
index 000000000..939420ea9
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0350.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort2484ExposedToprivateU",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort2484ExposedToprivateU",
+ "portNumber": 2484,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure OracleDBSSL' (UDP,2484) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0350",
+ "id": "AC_AWS_0350",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0351.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0351.json
new file mode 100755
index 000000000..e9263adcf
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0351.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort5432ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort5432ExposedToprivate",
+ "portNumber": 5432,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure PostgresSQL' (TCP,5432) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0351",
+ "id": "AC_AWS_0351",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0352.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0352.json
new file mode 100755
index 000000000..73449f8bd
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0352.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort5432ExposedToprivateU",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort5432ExposedToprivateU",
+ "portNumber": 5432,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure PostgresSQL' (UDP,5432) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0352",
+ "id": "AC_AWS_0352",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0353.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0353.json
new file mode 100755
index 000000000..916a85dd6
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0353.json
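Review bot: `PostgresSQL` in the descriptions of `AC_AWS_0351` and `AC_AWS_0352` (both hunks on this line) is a misspelling of `PostgreSQL`; since the description is what appears in scan output and what operators search for, `"description": "Ensure PostgreSQL (TCP,5432) is not exposed to private hosts more than 32"` and its UDP twin would avoid that confusion. PostgreSQL itself listens on TCP only, so the UDP 5432 rule in the second hunk is unlikely to match real traffic; keeping it for parity with the other UDP variants is fine, but a short note in the description saying it covers a defensive case would stop readers from assuming a UDP listener exists.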
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort3000ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort3000ExposedToprivate",
+ "portNumber": 3000,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Prevalentknowninternalport' (TCP,3000) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0353",
+ "id": "AC_AWS_0353",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0354.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0354.json
new file mode 100755
index 000000000..08e183e8c
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0354.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort8140ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort8140ExposedToprivate",
+ "portNumber": 8140,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure PuppetMaster' (TCP,8140) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0354",
+ "id": "AC_AWS_0354",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0355.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0355.json
new file mode 100755
index 000000000..7d89f3a79
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0355.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort161ExposedToprivateU",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort161ExposedToprivateU",
+ "portNumber": 161,
+ "prefix": "",
+ "protocol": "udp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure SNMP' (UDP,161) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0355",
+ "id": "AC_AWS_0355",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0356.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0356.json
new file mode 100755
index 000000000..10f884575
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0356.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort2382ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort2382ExposedToprivate",
+ "portNumber": 2382,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure SQLServerAnalysisServicebrowser' (TCP,2382) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0356",
+ "id": "AC_AWS_0356",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0357.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0357.json
new file mode 100755
index 000000000..d88dfb52f
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0357.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort2383ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort2383ExposedToprivate",
+ "portNumber": 2383,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure SQLServerAnalysisServices' (TCP,2383) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0357",
+ "id": "AC_AWS_0357",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0358.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0358.json
new file mode 100755
index 000000000..0c7414a8f
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0358.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort1521ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort1521ExposedToprivate",
+ "portNumber": 1521,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure OracleDatabaseServer' (TCP,521) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0358",
+ "id": "AC_AWS_0358",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0359.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0359.json
new file mode 100755
index 000000000..ac121dd03
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0359.json
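Review bot: The description of `AC_AWS_0358` (second hunk on this line) reads `OracleDatabaseServer' (TCP,521)` while `portNumber` is 1521, so the leading digit was dropped and the finding text names a different port than the one the rule checks. It should be `"description": "Ensure OracleDatabaseServer (TCP,1521) is not exposed to private hosts more than 32"`. Because `portNumber` and the port in the description are maintained by hand in every one of these files, a small test that parses each policy JSON and checks the number in the description against `template_args.portNumber` and `protocol` would have caught this and the `AC_AWS_0345` mismatch earlier on this page.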
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort23ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort23ExposedToprivate",
+ "portNumber": 23,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Telnet' (TCP,23) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0359",
+ "id": "AC_AWS_0359",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0360.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0360.json
new file mode 100755
index 000000000..74004e7b3
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0360.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort25ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort25ExposedToprivate",
+ "portNumber": 25,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure SMTP' (TCP,25) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0360",
+ "id": "AC_AWS_0360",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0361.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0361.json
new file mode 100755
index 000000000..13157aa23
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0361.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort445ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort445ExposedToprivate",
+ "portNumber": 445,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure CIFSforfile/printer' (TCP,445) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0361",
+ "id": "AC_AWS_0361",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0362.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0362.json
new file mode 100755
index 000000000..eb8297df9
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0362.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort27017ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort27017ExposedToprivate",
+ "portNumber": 27017,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure MongoDB' (TCP,27017) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0362",
+ "id": "AC_AWS_0362",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0363.json b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0363.json
new file mode 100755
index 000000000..a06615061
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/AC_AWS_0363.json
@@ -0,0 +1,20 @@
+{
+ "name": "networkPort9300ExposedToprivate",
+ "file": "networkPortExposedToPrivate.rego",
+ "policy_type": "aws",
+ "resource_type": "aws_security_group",
+ "template_args": {
+ "defaultValue": "",
+ "name": "networkPort9300ExposedToprivate",
+ "portNumber": 9300,
+ "prefix": "",
+ "protocol": "tcp",
+ "suffix": ""
+ },
+ "severity": "LOW",
+ "description": "Ensure Elasticsearch' (TCP,9300) is not exposed to private hosts more than 32",
+ "reference_id": "AC_AWS_0363",
+ "id": "AC_AWS_0363",
+ "category": "Infrastructure Security",
+ "version": 2
+}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0194.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0194.json
deleted file mode 100755
index 3370757d4..000000000
--- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0194.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "port22AlbNetworkPortSecurityPublicScope",
- "file": "portsAlbNetworkPortSecurityPublicScope.rego",
- "policy_type": "aws",
- "resource_type": "aws_security_group",
- "template_args": {
- "name": "port22AlbNetworkPortSecurityPublicScope",
- "portNumber": 22,
- "prefix": "",
- "protocol": "tcp"
- },
- "severity": "LOW",
- "description": "'SSH' (TCP:22) is accessible by a CIDR block range",
- "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0194",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AWS_0319"
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0196.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0196.json
deleted file mode 100755
index 2d2250237..000000000
--- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0196.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "name": "port4505AlbNetworkPortSecurityPublicScope",
- "file": "portsAlbNetworkPortSecurityPublicScope.rego",
- "policy_type": "aws",
- "resource_type": "aws_security_group",
- "template_args": {
- "name": "port4505AlbNetworkPortSecurityPublicScope",
- "numberOfHosts": -1,
- "portNumber": 4505,
- "prefix": "",
- "protocol": "tcp"
- },
- "severity": "MEDIUM",
- "description": "'SaltStack Master' (TCP:4505) is accessible by a CIDR block range",
- "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0196",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AWS_0277"
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0218.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0218.json
deleted file mode 100755
index e05bb0b54..000000000
--- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0218.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "port3020AlbNetworkPortSecurityPublicScope",
- "file": "portsAlbNetworkPortSecurityPublicScope.rego",
- "policy_type": "aws",
- "resource_type": "aws_security_group",
- "template_args": {
- "name": "port3020AlbNetworkPortSecurityPublicScope",
- "portNumber": 3020,
- "prefix": "",
- "protocol": "tcp"
- },
- "severity": "MEDIUM",
- "description": "'CIFS / SMB' (TCP:3020) is accessible by a CIDR block range",
- "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0218",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AWS_0279"
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0220.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0220.json
deleted file mode 100755
index 7e0ef38f4..000000000
--- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0220.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "port61621AlbNetworkPortSecurityPublicScope",
- "file": "portsAlbNetworkPortSecurityPublicScope.rego",
- "policy_type": "aws",
- "resource_type": "aws_security_group",
- "template_args": {
- "name": "port61621AlbNetworkPortSecurityPublicScope",
- "portNumber": 61621,
- "prefix": "",
- "protocol": "tcp"
- },
- "severity": "MEDIUM",
- "description": "'Cassandra OpsCenter agent port' (TCP:61621) is accessible by a CIDR block range",
- "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0220",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AWS_0280"
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0222.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0222.json
deleted file mode 100755
index 35f9782ae..000000000
--- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0222.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "port7001AlbNetworkPortSecurityPublicScope",
- "file": "portsAlbNetworkPortSecurityPublicScope.rego",
- "policy_type": "aws",
- "resource_type": "aws_security_group",
- "template_args": {
- "name": "port7001AlbNetworkPortSecurityPublicScope",
- "portNumber": 7001,
- "prefix": "",
- "protocol": "tcp"
- },
- "severity": "MEDIUM",
- "description": "'Cassandra' (TCP:7001) is accessible by a CIDR block range",
- "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0222",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AWS_0281"
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0224.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0224.json
deleted file mode 100755
index 1bdf8005c..000000000
--- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0224.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "port9000AlbNetworkPortSecurityPublicScope",
- "file": "portsAlbNetworkPortSecurityPublicScope.rego",
- "policy_type": "aws",
- "resource_type": "aws_security_group",
- "template_args": {
- "name": "port9000AlbNetworkPortSecurityPublicScope",
- "portNumber": 9000,
- "prefix": "",
- "protocol": "tcp"
- },
- "severity": "MEDIUM",
- "description": "'Hadoop Name Node' (TCP:9000) is accessible by a CIDR block range",
- "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0224",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AWS_0282"
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0226.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0226.json
deleted file mode 100755
index dc7aac099..000000000
--- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0226.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "port8000AlbNetworkPortSecurityPublicScope",
- "file": "portsAlbNetworkPortSecurityPublicScope.rego",
- "policy_type": "aws",
- "resource_type": "aws_security_group",
- "template_args": {
- "name": "port8000AlbNetworkPortSecurityPublicScope",
- "portNumber": 8000,
- "prefix": "",
- "protocol": "tcp"
- },
- "severity": "MEDIUM",
- "description": "'Known internal web port' (TCP:8000) is accessible by a CIDR block range",
- "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0226",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AWS_0283"
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0228.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0228.json
deleted file mode 100755
index c7f1d205e..000000000
--- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0228.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "port8080AlbNetworkPortSecurityPublicScope",
- "file": "portsAlbNetworkPortSecurityPublicScope.rego",
- "policy_type": "aws",
- "resource_type": "aws_security_group",
- "template_args": {
- "name": "port8080AlbNetworkPortSecurityPublicScope",
- "portNumber": 8080,
- "prefix": "",
- "protocol": "tcp"
- },
- "severity": "MEDIUM",
- "description": "'Known internal web port' (TCP:8080) is accessible by a CIDR block range",
- "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0228",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AWS_0284"
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0230.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0230.json
deleted file mode 100755
index e0ca10d03..000000000
--- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0230.json
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- "name": "port636AlbNetworkPortSecurityPublicScope",
- "file": "portsAlbNetworkPortSecurityPublicScope.rego",
- "policy_type": "aws",
- "resource_type": "aws_security_group",
- "template_args": {
- "name": "port636AlbNetworkPortSecurityPublicScope",
- "portNumber": 636,
- "prefix": "",
- "protocol": "tcp"
- },
- "severity": "MEDIUM",
- "description": "'LDAP SSL ' (TCP:636) is accessible by a CIDR block range",
- "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0230",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AWS_0285"
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0232.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0232.json
deleted file mode 100755
index 3f0ec414e..000000000
--- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0232.json
+++ /dev/null
@@ -1,18 +0,0 @@ -{ - "name": "port1434AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port1434AlbNetworkPortSecurityPublicScope", - "portNumber": 1434, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'MSSQL Admin' (TCP:1434) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0232", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0286" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0234.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0234.json deleted file mode 100755 index a9257ed75..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0234.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port1434UdpAlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port1434UdpAlbNetworkPortSecurityPublicScope", - "portNumber": 1434, - "prefix": "", - "protocol": "udp" - }, - "severity": "MEDIUM", - "description": "'MSSQL Browser Service' (UDP:1434) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0234", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0287" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0236.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0236.json deleted file mode 100755 index 219e867f1..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0236.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "port135AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port135AlbNetworkPortSecurityPublicScope", - "portNumber": 135, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'MSSQL Debugger' (TCP:135) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0236", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0288" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0238.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0238.json deleted file mode 100755 index caebed125..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0238.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port1433AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port1433AlbNetworkPortSecurityPublicScope", - "portNumber": 1433, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'MSSQL Server' (TCP:1433) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0238", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0289" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0240.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0240.json deleted file mode 100755 index d9929c260..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0240.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "port11214AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port11214AlbNetworkPortSecurityPublicScope", - "portNumber": 11214, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'Memcached SSL' (TCP:11214) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0240", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0290" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0242.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0242.json deleted file mode 100755 index a00cb22ed..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0242.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port11215AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port11215AlbNetworkPortSecurityPublicScope", - "portNumber": 11215, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'Memcached SSL' (TCP:11215) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0242", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0291" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0244.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0244.json deleted file mode 100755 index 7eab04478..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0244.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "port11214UdpAlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port11214UdpAlbNetworkPortSecurityPublicScope", - "portNumber": 11214, - "prefix": "", - "protocol": "udp" - }, - "severity": "MEDIUM", - "description": "'Memcached SSL' (UDP:11214) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0244", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0292" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0246.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0246.json deleted file mode 100755 index 1751585de..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0246.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port11215UdpAlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port11215UdpAlbNetworkPortSecurityPublicScope", - "portNumber": 11215, - "prefix": "", - "protocol": "udp" - }, - "severity": "MEDIUM", - "description": "'Memcached SSL' (UDP:11215) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0246", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0293" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0248.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0248.json deleted file mode 100755 index 3503abe53..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0248.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "port27018AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port27018AlbNetworkPortSecurityPublicScope", - "portNumber": 27018, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'Mongo Web Portal' (TCP:27018) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0248", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0294" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0250.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0250.json deleted file mode 100755 index d452a2f2e..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0250.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port3306AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port3306AlbNetworkPortSecurityPublicScope", - "portNumber": 3306, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'MySQL' (TCP:3306) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0250", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0295" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0252.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0252.json deleted file mode 100755 index a48020d66..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0252.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "port137AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port137AlbNetworkPortSecurityPublicScope", - "portNumber": 137, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'NetBIOS Name Service' (TCP:137) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0252", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0296" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0254.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0254.json deleted file mode 100755 index d580cd882..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0254.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port137UdpAlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port137UdpAlbNetworkPortSecurityPublicScope", - "portNumber": 137, - "prefix": "", - "protocol": "udp" - }, - "severity": "MEDIUM", - "description": "'NetBIOS Name Service' (UDP:137) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0254", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0297" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0256.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0256.json deleted file mode 100755 index 0ce70e8bc..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0256.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "port138AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port138AlbNetworkPortSecurityPublicScope", - "portNumber": 138, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'NetBIOS Datagram Service' (TCP:138) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0256", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0298" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0258.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0258.json deleted file mode 100755 index f01c40963..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0258.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port138UdpAlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port138UdpAlbNetworkPortSecurityPublicScope", - "portNumber": 138, - "prefix": "", - "protocol": "udp" - }, - "severity": "MEDIUM", - "description": "'NetBIOS Datagram Service' (UDP:138) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0258", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0299" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0260.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0260.json deleted file mode 100755 index ddfe8d2ad..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0260.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "port139AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port139AlbNetworkPortSecurityPublicScope", - "portNumber": 139, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'NetBIOS Session Service' (TCP:139) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0260", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0300" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0262.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0262.json deleted file mode 100755 index 6de5f1502..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0262.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port139UdpAlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port139UdpAlbNetworkPortSecurityPublicScope", - "portNumber": 139, - "prefix": "", - "protocol": "udp" - }, - "severity": "MEDIUM", - "description": "'NetBIOS Session Service' (UDP:139) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0262", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0301" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0264.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0264.json deleted file mode 100755 index 8a9133685..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0264.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "port2484AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port2484AlbNetworkPortSecurityPublicScope", - "portNumber": 2484, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'Oracle DB SSL' (TCP:2484) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0264", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0302" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0266.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0266.json deleted file mode 100755 index 92e9ca464..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0266.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port2484UdpAlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port2484UdpAlbNetworkPortSecurityPublicScope", - "portNumber": 2484, - "prefix": "", - "protocol": "udp" - }, - "severity": "MEDIUM", - "description": "'Oracle DB SSL' (UDP:2484) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0266", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0303" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0268.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0268.json deleted file mode 100755 index f9de6b735..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0268.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "port5432AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port5432AlbNetworkPortSecurityPublicScope", - "portNumber": 5432, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'Postgres SQL' (TCP:5432) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0268", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0304" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0270.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0270.json deleted file mode 100755 index 5a21bdeb7..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0270.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port5432UdpAlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port5432UdpAlbNetworkPortSecurityPublicScope", - "portNumber": 5432, - "prefix": "", - "protocol": "udp" - }, - "severity": "MEDIUM", - "description": "'Postgres SQL' (UDP:5432) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0270", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0305" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0272.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0272.json deleted file mode 100755 index 8e09b0d57..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0272.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "port3000AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port3000AlbNetworkPortSecurityPublicScope", - "portNumber": 3000, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'Prevalent known internal port' (TCP:3000) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0272", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0306" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0274.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0274.json deleted file mode 100755 index 9cc5bc4d7..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0274.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port8140AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port8140AlbNetworkPortSecurityPublicScope", - "portNumber": 8140, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'Puppet Master' (TCP:8140) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0274", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0307" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0276.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0276.json deleted file mode 100755 index a1733234f..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0276.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "port161UdpAlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port161UdpAlbNetworkPortSecurityPublicScope", - "portNumber": 161, - "prefix": "", - "protocol": "udp" - }, - "severity": "MEDIUM", - "description": "'SNMP' (UDP:161) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0276", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0308" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0278.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0278.json deleted file mode 100755 index 3a6f4f715..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0278.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port2382AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port2382AlbNetworkPortSecurityPublicScope", - "portNumber": 2382, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'SQL Server Analysis Service browser' (TCP:2382) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0278", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0309" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0280.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0280.json deleted file mode 100755 index 5acff3bb1..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.NetworkPortsSecurity.High.0280.json +++ /dev/null 
@@ -1,18 +0,0 @@ -{ - "name": "port2383AlbNetworkPortSecurityPublicScope", - "file": "portsAlbNetworkPortSecurityPublicScope.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "name": "port2383AlbNetworkPortSecurityPublicScope", - "portNumber": 2383, - "prefix": "", - "protocol": "tcp" - }, - "severity": "MEDIUM", - "description": "'SQL Server Analysis Services' (TCP:2383) is accessible by a CIDR block range", - "reference_id": "AWS.ALB.NetworkPortsSecurity.High.0280", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0310" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.SBP.High.0014.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.SBP.High.0014.json deleted file mode 100644 index c8e2b1d66..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.SBP.High.0014.json +++ /dev/null @@ -1,14 +0,0 @@ -{ - "name": "noRuleDescription", - "file": "noRuleDescription.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "prefix": "" - }, - "severity": "LOW", - "description": "Ensure every security group rule ingress/egress should have a description to ease the process of Auditing", - "reference_id": "AWS.ALB.SBP.High.0014", - "category": "Security Best Practices", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.SBP.High.0015.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.SBP.High.0015.json deleted file mode 100644 index f6df36b9d..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.ALB.SBP.High.0015.json +++ /dev/null 
@@ -1,14 +0,0 @@ -{ - "name": "noSgDescription", - "file": "noSgDescription.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "prefix": "" - }, - "severity": "LOW", - "description": "Ensure every security group should have a description to ease the process of Auditing", - "reference_id": "AWS.ALB.SBP.High.0015", - "category": "Security Best Practices", - "version": 2 -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NPS.High.1045.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NPS.High.1045.json deleted file mode 100755 index 053902f63..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NPS.High.1045.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "name": "portWideOpenToPublic", - "file": "portWideOpenToPublic.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "prefix": "" - }, - "severity": "HIGH", - "description": "It is recommended that no security group allows unrestricted ingress access", - "reference_id": "AWS.SecurityGroup.NPS.High.1045", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0275" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NPS.High.1046.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NPS.High.1046.json deleted file mode 100755 index ea8b3b32c..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NPS.High.1046.json +++ /dev/null 
@@ -1,54 +0,0 @@ -{ - "name": "unknownPortOpenToInternet", - "file": "unknownPortOpenToInternet.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "known_ports": [ - "0", - "22", - "23", - "25", - "80", - "443", - "445", - "3389", - "4505", - "4506", - "3020", - "61621", - "7001", - "9000", - "8000", - "8080", - "636", - "1434", - "135", - "1433", - "11214", - "11215", - "27017", - "27018", - "3306", - "137", - "138", - "139", - "2484", - "5432", - "3000", - "8140", - "161", - "2382", - "2383", - "9300", - "9200" - ], - "prefix": "" - }, - "severity": "HIGH", - "description": "Unknown Port is exposed to the entire internet", - "reference_id": "AWS.SecurityGroup.NPS.High.1046", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0276" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkPortsSecurity.Low.0560.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkPortsSecurity.Low.0560.json deleted file mode 100755 index b173d4500..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkPortsSecurity.Low.0560.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port22OpenToInternet", - "file": "portOpenToInternet.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "from_port": 22, - "name": "port22OpenToInternet", - "prefix": "", - "protocol": "tcp" - }, - "severity": "HIGH", - "description": "ssh port open to internet", - "reference_id": "AWS.SecurityGroup.NetworkPortsSecurity.Low.0560", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0227" -} \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkPortsSecurity.Low.0561.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkPortsSecurity.Low.0561.json deleted file mode 100755 index 711e6f30b..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkPortsSecurity.Low.0561.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port80OpenToInternet", - "file": "portOpenToInternet.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "from_port": 80, - "name": "port80OpenToInternet", - "prefix": "", - "protocol": "tcp" - }, - "severity": "HIGH", - "description": "http port open to internet", - "reference_id": "AWS.SecurityGroup.NetworkPortsSecurity.Low.0561", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0228" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkPortsSecurity.Low.0562.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkPortsSecurity.Low.0562.json deleted file mode 100755 index b047e7996..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkPortsSecurity.Low.0562.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "port3389OpenToInternet", - "file": "portOpenToInternet.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "from_port": 3389, - "name": "port3389OpenToInternet", - "prefix": "", - "protocol": "tcp" - }, - "severity": "HIGH", - "description": "remote desktop port open to internet", - "reference_id": "AWS.SecurityGroup.NetworkPortsSecurity.Low.0562", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0230" -} \ No newline at end of file 
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkSecurity.High.0094.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkSecurity.High.0094.json deleted file mode 100755 index 865717775..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkSecurity.High.0094.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "name": "unrestrictedIngressAccess", - "file": "unrestrictedIngressAccess.rego", - "policy_type": "aws", - "resource_type": "aws_security_group", - "template_args": { - "prefix": "" - }, - "severity": "HIGH", - "description": " It is recommended that no security group allows unrestricted ingress access", - "reference_id": "AWS.SecurityGroup.NetworkSecurity.High.0094", - "category": "Infrastructure Security", - "version": 2, - "id": "AC_AWS_0231" -} \ No newline at end of file diff --git a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkSecurity.High.0097.json b/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkSecurity.High.0097.json deleted file mode 100755 index dc7251841..000000000 --- a/pkg/policies/opa/rego/aws/aws_security_group/AWS.SecurityGroup.NetworkSecurity.High.0097.json +++ /dev/null 
@@ -1,15 +0,0 @@
-{
- "name": "defaultSGNotRestrictsAllTraffic",
- "file": "defaultSGNotRestrictsAllTraffic.rego",
- "policy_type": "aws",
- "resource_type": "aws_security_group",
- "template_args": {
- "prefix": ""
- },
- "severity": "HIGH",
- "description": "A VPC comes with a default security group whose initial settings deny all inbound traffic, allow all outbound traffic, and allow all traffic between instances assigned to the security group. If you don't specify a security group when you launch an instance, the instance is automatically assigned to this default security group. Security groups provide stateful filtering of ingress/egress network traffic to AWS resources. It is recommended that the default security group restrict all traffic. Configuring the default security group to restrict all traffic will encourage least privilege security group development and mindful placement of AWS resource into security groups which will in-turn reduce the exposure of those resources.",
- "reference_id": "AWS.SecurityGroup.NetworkSecurity.High.0097",
- "category": "Infrastructure Security",
- "version": 2,
- "id": "AC_AWS_0232"
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/defaultSGNotRestrictsAllTraffic.rego b/pkg/policies/opa/rego/aws/aws_security_group/defaultSGNotRestrictsAllTraffic.rego
index de2b6350d..ca70b794b 100755
--- a/pkg/policies/opa/rego/aws/aws_security_group/defaultSGNotRestrictsAllTraffic.rego
+++ b/pkg/policies/opa/rego/aws/aws_security_group/defaultSGNotRestrictsAllTraffic.rego
@@ -1,6 +1,6 @@
 package accurics
-{{.prefix}}defaultSGNotRestrictsAllTraffic[retVal] {
+{{.prefix}}{{.name}}{{.suffix}}[retVal] {
 security_group = input.aws_security_group[_]
 disabled = true
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/networkPortExposedToPrivate.rego b/pkg/policies/opa/rego/aws/aws_security_group/networkPortExposedToPrivate.rego
new file mode 100644
index 000000000..452d68d8b
--- /dev/null
+++ b/pkg/policies/opa/rego/aws/aws_security_group/networkPortExposedToPrivate.rego
@@ -0,0 +1,68 @@
+package accurics
+
+{{.prefix}}{{.name}}{{.suffix}}[retval] {
+ sg := input.aws_security_group[_]
+ some i
+ ingress := sg.config.ingress[i]
+
+ expected := checkConfig(ingress)
+ traverse := sprintf("ingress[%d].cidr_blocks", [i])
+ attribute := "ingress.cidr_blocks"
+
+ retval := getretval(sg.id, traverse, attribute, expected, ingress.cidr_blocks)
+}
+
+{{.prefix}}{{.name}}{{.suffix}}[retval] {
+ sgr := input.aws_security_group_rule[_]
+
+ sgr.config.type == "ingress"
+ expected := checkConfig(sgr.config)
+ traverse_attribute := "cidr_blocks"
+
+ retval := getretval(sgr.id, traverse_attribute, traverse_attribute, expected, sgr.config.cidr_blocks)
+}
+
+getretval(id, traverse, attribute, expected, actual) = retval {
+ retval := {
+ "Id": id,
+ "ReplaceType": "edit",
+ "CodeType": "attribute",
+ "Traverse": traverse,
+ "Attribute": attribute,
+ "AttributeDataType": "list",
+ "Expected": expected,
+ "Actual": actual,
+ }
+}
+
+checkConfig(config) = expected {
+ checkPort(config, {{.portNumber}})
+ checkProtocol(config.protocol, "{{.protocol}}")
+ expected := [item | item := checkScopeIsPrivate(config.cidr_blocks[_])]
+ expected != []
+}
+
+checkPort(config, port) {
+ config.from_port == port
+}
+
+checkPort(config, port) {
+ config.to_port == port
+}
+
+checkProtocol(configProtocol, protocol) {
+ protocols = [protocol, "-1"]
+ upper(configProtocol) == upper(protocols[_])
+}
+
+checkScopeIsPrivate(ingress_cidr) = value {
+ glob.match("[0-9]*.[0-9]*.[0-9]*.*", [], ingress_cidr)
+
+ private_ips = ["10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12"]
+ net.cidr_contains(private_ips[_], ingress_cidr)
+
+ hosts = split(ingress_cidr, "/")
+ to_number(hosts[1]) < 27
+
+ value := "{{.defaultValue}}"
+}
\ No newline at end of file
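Review bot: `checkPort` inside the new `checkConfig` only matches a rule whose `from_port` or `to_port` equals `{{.portNumber}}`, so a range that merely contains the port (20-30 for port 22, say) satisfies neither `checkPort` body and is never reported; the same two-body `checkPort` is introduced in the portOpenToInternet.rego and portsAlbNetworkPortSecurityPublicScope.rego hunks below. A single body with `config.from_port <= port` and `config.to_port >= port` turns it into a containment test. Relatedly, `checkProtocol` deliberately accepts `-1`, but as far as I recall an all-protocols rule carries `from_port`/`to_port` of 0 in Terraform, so that branch can never pass `checkPort` for a non-zero port and is effectively dead unless handled explicitly. Finally, `expected` is built only from CIDRs that satisfy `checkScopeIsPrivate`, so the remediation list silently drops every non-private entry of `cidr_blocks` instead of preserving it the way the sibling files' `validate_cidr` does; a second `checkScopeIsPrivate` branch returning the cidr unchanged, or a comment stating the intent, would help.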
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/noRuleDescription.rego b/pkg/policies/opa/rego/aws/aws_security_group/noRuleDescription.rego
deleted file mode 100644
index ff7c1ba63..000000000
--- a/pkg/policies/opa/rego/aws/aws_security_group/noRuleDescription.rego
+++ /dev/null
@@ -1,13 +0,0 @@
-package accurics
-
-{{.prefix}}noRuleDescription[sg.id]{
- sg = input.aws_security_group[_]
- egress := sg.config.egress[_]
- egress.description == ["", " "][_] #for terraformer quotes have a space
-}
-
-{{.prefix}}noRuleDescription[sg.id]{
- sg = input.aws_security_group[_]
- ingress := sg.config.ingress[_]
- ingress.description == ["", " "][_]
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/noSgDescription.rego b/pkg/policies/opa/rego/aws/aws_security_group/noSgDescription.rego
deleted file mode 100644
index 39ccf7e29..000000000
--- a/pkg/policies/opa/rego/aws/aws_security_group/noSgDescription.rego
+++ /dev/null
@@ -1,6 +0,0 @@
-package accurics
-
-{{.prefix}}noSgDescription[sg.id]{
- sg = input.aws_security_group[_]
- object.get(sg.config, "description", "undefined") = ["undefined", "Managed by Terraform"][_]
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/portOpenToInternet.rego b/pkg/policies/opa/rego/aws/aws_security_group/portOpenToInternet.rego
index 83773916b..db7f8f5a5 100755
--- a/pkg/policies/opa/rego/aws/aws_security_group/portOpenToInternet.rego
+++ b/pkg/policies/opa/rego/aws/aws_security_group/portOpenToInternet.rego
@@ -1,23 +1,65 @@
 package accurics
-{{.prefix}}{{.name}}[retVal]{
- security_group = input.aws_security_group[_]
+{{.prefix}}{{.name}}{{.suffix}}[retval] {
+ sg := input.aws_security_group[_]
 some i
- ingress = security_group.config.ingress[i]
- ingress.protocol == "{{.protocol}}"
- ingress.from_port == {{.from_port}}
- ingress.cidr_blocks[j] == "0.0.0.0/0"
- expected := [ item | item := validate_cidr(ingress.cidr_blocks[_]) ]
+ ingress := sg.config.ingress[i]
+
+ expected := checkConfig(ingress)
 traverse := sprintf("ingress[%d].cidr_blocks", [i])
- retVal := { "Id": security_group.id, "ReplaceType": "edit", "CodeType": "attribute", "Traverse": traverse, "Attribute": "ingress.cidr_blocks", "AttributeDataType": "list", "Expected": expected, "Actual": ingress.cidr_blocks }
+ attribute := "ingress.cidr_blocks"
+
+ retval := getretval(sg.id, traverse, attribute, expected, ingress.cidr_blocks)
+}
+
+{{.prefix}}{{.name}}{{.suffix}}[retval] {
+ sgr := input.aws_security_group_rule[_]
+
+ sgr.config.type == "ingress"
+ expected := checkConfig(sgr.config)
+ traverse_attribute := "cidr_blocks"
+
+ retval := getretval(sgr.id, traverse_attribute, traverse_attribute, expected, sgr.config.cidr_blocks)
+}
+
+getretval(id, traverse, attribute, expected, actual) = retval {
+ retval := {
+ "Id": id,
+ "ReplaceType": "edit",
+ "CodeType": "attribute",
+ "Traverse": traverse,
+ "Attribute": attribute,
+ "AttributeDataType": "list",
+ "Expected": expected,
+ "Actual": actual
+ }
+}
+
+checkConfig(config) = expected {
+ config.cidr_blocks[_] == "0.0.0.0/0"
+ checkProtocol(config.protocol, "{{.protocol}}")
+ checkPort(config, {{.portNumber}})
+ expected := [ item | item := validate_cidr(config.cidr_blocks[_]) ]
+ expected != []
+}
+
+checkProtocol(configProtocol, protocol) {
+ protocols = [protocol, "-1"]
+ upper(configProtocol) == upper(protocols[_])
+}
+
+checkPort(config, port) {
+ config.from_port == port
+}
+
+checkPort(config, port) {
+ config.to_port == port
 }
-validate_cidr(cidr) 
= value {
- cidr == "0.0.0.0/0"
- value := ""
+validate_cidr(cidr) = "{{.defaultValue}}" {
- cidr == "0.0.0.0/0"
 }
-validate_cidr(cidr) = value {
- cidr != "0.0.0.0/0"
- value := cidr
+validate_cidr(cidr) = cidr {
- cidr != "0.0.0.0/0"
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/portWideOpenToPublic.rego b/pkg/policies/opa/rego/aws/aws_security_group/portWideOpenToPublic.rego
index e8185153a..674a7fda4 100755
--- a/pkg/policies/opa/rego/aws/aws_security_group/portWideOpenToPublic.rego
+++ b/pkg/policies/opa/rego/aws/aws_security_group/portWideOpenToPublic.rego
@@ -1,19 +1,47 @@
 package accurics
-{{.prefix}}portWideOpenToPublic[retVal] {
+{{.prefix}}{{.name}}{{.suffix}}[retval] {
 sg = input.aws_security_group[_]
 some i
 ingress = sg.config.ingress[i]
- # Checks if the cidr block is not a private IP
- ingress.cidr_blocks[_] == "0.0.0.0/0"
-
- ports_open = (ingress.to_port - ingress.from_port)
-
- ports_open > 0
+ checkConfig(ingress)
 traverse := sprintf("ingress[%d].to_port", [i])
+ attribute := "ingress.from_port"
 expected := ingress.to_port
- retVal := { "Id": sg.id, "ReplaceType": "edit", "CodeType": "attribute", "Traverse": traverse, "Attribute": "ingress.from_port", "AttributeDataType": "int", "Expected": expected, "Actual": ingress.from_port }
+ retval := getretval(sg.id, traverse, attribute, expected, ingress.from_port)
+}
+
+{{.prefix}}{{.name}}{{.suffix}}[retval] {
+ sgr = input.aws_security_group_rule[_]
+ sgr.config.type == "ingress"
+
+ checkConfig(sgr.config)
+
+ expected := sgr.config.to_port
+ traverse_attribute = "from_port"
+
+ retval := getretval(sgr.id, traverse_attribute, traverse_attribute, expected, sgr.config.from_port)
+}
+
+getretval(id, traverse, attribute, expected, actual) = retval {
+ retval := {
+ "Id": id,
+ "ReplaceType": "edit",
+ "CodeType": "attribute",
+ "AttributeDataType": "int",
+ "Traverse": traverse,
+ "Attribute": attribute,
+ "Expected": expected,
+ "Actual": actual
+ }
+}
+
+checkConfig(ingress) {
+ ingress.cidr_blocks[_] == "0.0.0.0/0"
+
+ ports_open = (ingress.to_port - ingress.from_port)
+ ports_open > 0
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/portsAlbNetworkPortSecurity.rego b/pkg/policies/opa/rego/aws/aws_security_group/portsAlbNetworkPortSecurity.rego
deleted file mode 100755
index 353e6fa2b..000000000
--- a/pkg/policies/opa/rego/aws/aws_security_group/portsAlbNetworkPortSecurity.rego
+++ /dev/null
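Review bot: This file's `getretval` hard-codes `"AttributeDataType": "int"` while the identically named `getretval` added to the other rego files in this commit hard-codes `"list"`; since every file declares `package accurics`, loading more than one of them into the same OPA compilation would yield two unconditional `getretval` bodies with different outputs for the same arguments, which OPA reports as a conflict. Presumably each templated policy is compiled in isolation, which makes this safe, but that assumption is worth stating once, e.g. a comment above `getretval`: `# duplicated per policy file on purpose: each file is evaluated as its own module`. As a point of style, the second rule mixes `sgr = ...` and `traverse_attribute = "from_port"` with the `:=` used everywhere else in the new code; `sgr := input.aws_security_group_rule[_]` and `traverse_attribute := "from_port"` would match the sibling rules.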
@@ -1,36 +0,0 @@
-package accurics
-
-{{.prefix}}{{.name}}[retVal] {
- sg = input.aws_security_group[_]
- some i
- ingress = sg.config.ingress[i]
- # Checks if the cidr block is not a private IP
- ingress.cidr_blocks[j] == "0.0.0.0/0"
- checkProtocol(ingress.protocol)
- # Check if port range matches what we are detecting.
- checkPort(ingress, {{.portNumber}})
-
- expected := [ item | item := validate_cidr(ingress.cidr_blocks[_]) ]
- traverse := sprintf("ingress[%d].cidr_blocks", [i])
- retVal := { "Id": sg.id, "ReplaceType": "edit", "CodeType": "attribute", "Traverse": traverse, "Attribute": "ingress.cidr_blocks", "AttributeDataType": "list", "Expected": expected, "Actual": ingress.cidr_blocks }
-}
-
-checkProtocol(proto) {
- protocols = ["{{.protocol}}", "-1"]
- proto == protocols[_]
-}
-
-checkPort(obj, val) = true {
- obj.from_port == val
- obj.to_port == val
-}
-
-validate_cidr(cidr) = value {
- cidr == "0.0.0.0/0"
- value := ""
-}
-
-validate_cidr(cidr) = value {
- cidr != "0.0.0.0/0"
- value := cidr
-}
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/portsAlbNetworkPortSecurityPublicScope.rego b/pkg/policies/opa/rego/aws/aws_security_group/portsAlbNetworkPortSecurityPublicScope.rego
index 1b06d8f1b..5b02e0aeb 100755
--- a/pkg/policies/opa/rego/aws/aws_security_group/portsAlbNetworkPortSecurityPublicScope.rego
+++ b/pkg/policies/opa/rego/aws/aws_security_group/portsAlbNetworkPortSecurityPublicScope.rego
@@ -1,18 +1,46 @@
 package accurics
-{{.prefix}}{{.name}}[retVal] {
- sg = input.aws_security_group[_]
+{{.prefix}}{{.name}}{{.suffix}}[retval] {
+ sg := input.aws_security_group[_]
 some i
- ingress = sg.config.ingress[i]
- # Checks if the cidr block is not a private IP
- checkScopeIsPublic(ingress.cidr_blocks[j])
- checkProtocol(ingress.protocol)
- # Check if port range matches what we are detecting.
- checkPort(ingress, {{.portNumber}})
-
- expected := [ item | item := validate_cidr(ingress.cidr_blocks[_]) ]
+ ingress := sg.config.ingress[i]
+
+ expected := checkConfig(ingress)
 traverse := sprintf("ingress[%d].cidr_blocks", [i])
- retVal := { "Id": sg.id, "ReplaceType": "edit", "CodeType": "attribute", "Traverse": traverse, "Attribute": "ingress.cidr_blocks", "AttributeDataType": "list", "Expected": expected, "Actual": ingress.cidr_blocks }
+ attribute := "ingress.cidr_blocks"
+
+ retval := getretval(sg.id, traverse, attribute, expected, ingress.cidr_blocks)
+}
+
+{{.prefix}}{{.name}}{{.suffix}}[retval] {
+ sgr := input.aws_security_group_rule[_]
+
+ sgr.config.type == "ingress"
+ expected := checkConfig(sgr.config)
+ traverse_attribute := "cidr_blocks"
+
+ retval := getretval(sgr.id, traverse_attribute, traverse_attribute, expected, sgr.config.cidr_blocks)
+}
+
+getretval(id, traverse, attribute, expected, actual) = retval {
+ retval := {
+ "Id": id,
+ "ReplaceType": "edit",
+ "CodeType": "attribute",
+ "Traverse": traverse,
+ "Attribute": attribute,
+ "AttributeDataType": "list",
+ "Expected": expected,
+ "Actual": actual
+ }
+}
+
+checkConfig(config) = expected {
+ checkScopeIsPublic(config.cidr_blocks[_])
+ checkProtocol(config.protocol, "{{.protocol}}")
+ checkPort(config, {{.portNumber}})
+ expected := [ item | item := validate_cidr(config.cidr_blocks[_]) ]
+ expected != []
 }
 scopeIsPrivate(scope) {
@@ -25,29 +53,23 @@ checkScopeIsPublic(val) {
 val != "0.0.0.0/0"
 }
-checkProtocol(proto) {
- protocols = ["{{.protocol}}", "-1"]
- proto == protocols[_]
+checkProtocol(configProtocol, protocol) {
+ protocols = [protocol, "-1"]
+ upper(configProtocol) == upper(protocols[_])
 }
-checkPort(obj, val) = true {
- obj.from_port == val
- obj.to_port == val
+checkPort(config, port) {
+ config.from_port == port
 }
-validate_cidr(cidr) = value {
- checkScopeIsPublic(cidr)
- value := ""
+checkPort(config, port) {
+ config.to_port == port
 }
-validate_cidr(cidr) = value {
- not checkScopeIsPublic(cidr)
- cidr == "0.0.0.0/0"
- value := ""
+validate_cidr(cidr) = "{{.defaultValue}}" {
+ checkScopeIsPublic(cidr)
 }
-validate_cidr(cidr) = value {
- not checkScopeIsPublic(cidr)
- cidr != "0.0.0.0/0"
- value := cidr
+validate_cidr(cidr) = cidr {
+ not checkScopeIsPublic(cidr)
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/unknownPortOpenToInternet.rego b/pkg/policies/opa/rego/aws/aws_security_group/unknownPortOpenToInternet.rego
index 57f4ee182..18e96dc84 100755
--- a/pkg/policies/opa/rego/aws/aws_security_group/unknownPortOpenToInternet.rego
+++ b/pkg/policies/opa/rego/aws/aws_security_group/unknownPortOpenToInternet.rego
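Review bot: The collapsed `validate_cidr` changes what the remediation proposes for `0.0.0.0/0`: the removed middle branch mapped it to `""`, while the new `validate_cidr(cidr) = cidr { not checkScopeIsPublic(cidr) }` returns `0.0.0.0/0` unchanged (the context line `val != "0.0.0.0/0"` shows `checkScopeIsPublic` excludes it), so a wide-open entry is now kept in `Expected`. If that is deliberate because portOpenToInternet.rego owns that case, a comment on the new rule would save the next reader the same trace, e.g. `# 0.0.0.0/0 is intentionally passed through here; portOpenToInternet.rego reports it`. If it is not deliberate, the removed `cidr == "0.0.0.0/0"` branch needs to come back.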
@@ -1,29 +1,76 @@
 package accurics
-{{.prefix}}unknownPortOpenToInternet[retVal]{
+{{.prefix}}{{.name}}{{.suffix}}[retval] {
 security_group = input.aws_security_group[_]
 some i
 ingress = security_group.config.ingress[i]
 ingress.cidr_blocks[j] == "0.0.0.0/0"
 known_ports = [{{range .known_ports}}{{- printf "%q" . }},{{end}}]
+ ingress.protocol == ["tcp", "udp", "-1"][_]
 not contains_port(known_ports, ingress.from_port)
 expected := [ item | item := validate_cidr(ingress.cidr_blocks[_]) ]
 traverse := sprintf("ingress[%d].cidr_blocks", [i])
- retVal := { "Id": security_group.id, "ReplaceType": "edit", "CodeType": "attribute", "Traverse": traverse, "Attribute": "ingress.cidr_blocks", "AttributeDataType": "list", "Expected": expected, "Actual": ingress.cidr_blocks }
+ attribute := "ingress.cidr_blocks"
+
+ retval := getretval(security_group.id, traverse, attribute, expected, ingress.cidr_blocks)
+}
+
+{{.prefix}}{{.name}}{{.suffix}}[retval] {
+ security_group = input.aws_security_group[_]
+ some i
+ ingress = security_group.config.ingress[i]
+
+ ingress.cidr_blocks[j] == "0.0.0.0/0"
+ known_ports = ["3", "4"]
+ ingress.protocol == "icmp"
+ not contains_port(known_ports, ingress.from_port)
+
+ expected := [ item | item := validate_cidr(ingress.cidr_blocks[_]) ]
+ traverse := sprintf("ingress[%d].cidr_blocks", [i])
+ attribute := "ingress.cidr_blocks"
+
+ retval := getretval(security_group.id, traverse, attribute, expected, ingress.cidr_blocks)
+}
+
+{{.prefix}}{{.name}}{{.suffix}}[retval] {
+ sgr = input.aws_security_group_rule[_]
+ sgr.config.type == "ingress"
+ some i
+ cidr = sgr.config.cidr_blocks[i]
+ cidr == "0.0.0.0/0"
+
+ known_ports = [{{range .known_ports}}{{- printf "%q" . 
}},{{end}}]
+ not contains_port(known_ports, sgr.config.from_port)
+
+ expected := [ item | item := validate_cidr(sgr.config.cidr_blocks[_]) ]
+ traverse_attribute := "cidr_blocks"
+
+ retval := getretval(sgr.id, traverse_attribute, traverse_attribute, expected, sgr.config.cidr_blocks)
+}
+
+getretval(id, traverse, attribute, expected, actual) = retval {
+ retval := {
+ "Id": id,
+ "ReplaceType": "edit",
+ "CodeType": "attribute",
+ "Traverse": traverse,
+ "Attribute": attribute,
+ "AttributeDataType": "list",
+ "Expected": expected,
+ "Actual": actual
+ }
 }
-validate_cidr(cidr) = value {
+validate_cidr(cidr) = "{{.defaultValue}}" {
 cidr == "0.0.0.0/0"
- value := ""
 }
-validate_cidr(cidr) = value {
- cidr != "0.0.0.0/0"
- value := cidr
+validate_cidr(cidr) = cidr {
+ cidr != "0.0.0.0/0"
 }
 contains_port(known_ports, port) {
- known_ports[_] == sprintf("%d", [port])
+ known_ports[_] == sprintf("%d", [port])
 }
\ No newline at end of file
diff --git a/pkg/policies/opa/rego/aws/aws_security_group/unrestrictedIngressAccess.rego b/pkg/policies/opa/rego/aws/aws_security_group/unrestrictedIngressAccess.rego
index 77c643087..5625f2aaf 100755
--- a/pkg/policies/opa/rego/aws/aws_security_group/unrestrictedIngressAccess.rego
+++ b/pkg/policies/opa/rego/aws/aws_security_group/unrestrictedIngressAccess.rego
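Review bot: The third rule, for `aws_security_group_rule`, has no protocol gate, while the first rule is now limited to `["tcp", "udp", "-1"]` and the second to `"icmp"` with its own `["3", "4"]` list; an icmp `aws_security_group_rule` is therefore checked against the TCP/UDP `known_ports` template list and reported whenever its type number is not in it. Adding `sgr.config.protocol == ["tcp", "udp", "-1"][_]` right after `sgr.config.type == "ingress"` aligns it with the first rule, and an icmp counterpart would be needed for parity with the second. The hard-coded `known_ports = ["3", "4"]` in the icmp rule is unexplained; presumably these are ICMP type numbers carried in `from_port`, so a comment such as `# for protocol "icmp" from_port holds the ICMP type; 3 and 4 are the types treated as expected` and, ideally, a template arg like the TCP/UDP list would make it maintainable.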
@@ -1,24 +1,61 @@
 package accurics
-{{.prefix}}unrestrictedIngressAccess[retVal] {
- security_group = input.aws_security_group[_]
+{{.prefix}}{{.name}}{{.suffix}}[retval] {
+ security_group := input.aws_security_group[_]
+
 some i
- ingress = security_group.config.ingress[i]
+ some j
+ ingress := security_group.config.ingress[i]
+
 ingress.cidr_blocks[j] == "0.0.0.0/0"
- ingress.from_port == 0
- ingress.to_port == 0
- ingress.protocol == "-1"
+ check_config(ingress)
+
 expected := [ item | item := validate_cidr(ingress.cidr_blocks[_]) ]
 traverse := sprintf("ingress[%d].cidr_blocks", [i])
- retVal := { "Id": security_group.id, "ReplaceType": "edit", "CodeType": "attribute", "Traverse": traverse, "Attribute": "ingress.cidr_blocks", "AttributeDataType": "list", "Expected": expected, "Actual": ingress.cidr_blocks }
+ attribute := "ingress.cidr_blocks"
+
+ retval := getretval(security_group.id, traverse, attribute, expected, ingress.cidr_blocks)
+}
+
+{{.prefix}}{{.name}}{{.suffix}}[retval] {
+ sgr := input.aws_security_group_rule[_]
+ sgr.config.type == "ingress"
+
+ some i
+ cidr := sgr.config.cidr_blocks[i]
+
+ cidr == "0.0.0.0/0"
+ check_config(sgr.config)
+
+ expected := [ item | item := validate_cidr(sgr.config.cidr_blocks[_]) ]
+ traverse_attribute := "cidr_blocks"
+
+ retval := getretval(sgr.id, traverse_attribute, traverse_attribute, expected, sgr.config.cidr_blocks)
+}
+
+getretval(id, traverse, attribute, expected, actual) = retval {
+ retval := {
+ "Id": id,
+ "ReplaceType": "edit",
+ "CodeType": "attribute",
+ "Traverse": traverse,
+ "Attribute": attribute,
+ "AttributeDataType": "list",
+ "Expected": expected,
+ "Actual": actual
+ }
+}
+
+check_config(config) {
+ config.from_port == 0
+ config.to_port == 0
+ config.protocol == "-1"
 }
-validate_cidr(cidr) = value {
- cidr == "0.0.0.0/0"
- value := ""
+validate_cidr(cidr) = "{{.defaultValue}}" {
+ cidr == "0.0.0.0/0"
 }
-validate_cidr(cidr) = value {
- cidr != "0.0.0.0/0"
- value := cidr
+validate_cidr(cidr) = 
cidr { + cidr != "0.0.0.0/0" } \ No newline at end of file